Skip to main content

24 November 2022, 9:08 pm

Google Says Google and Other Android Manufacturers Haven't Patched Security Flaws tech.slashdot.org

Google Says Google and Other Android Manufacturers Haven't Patched Security Flaws

Google has disclosed several security flaws for phones that have Mali GPUs, such as those with Exynos chipsets. From a report: The company's Project Zero team says it flagged the problems to ARM (which produces the GPUs) back in the summer. ARM resolved the issues on its end in July and August. However, smartphone manufacturers including Samsung, Xiaomi, Oppo and Google itself hadn't deployed patches to fix the vulnerabilities as of earlier this week, Project Zero said. Researchers identified five new issues in June and July and promptly flagged them to ARM. "One of these issues led to kernel memory corruption, one led to physical memory addresses being disclosed to userspace and the remaining three led to a physical page use-after-free condition," Project Zero's Ian Beer wrote in a blog post. "These would enable an attacker to continue to read and write physical pages after they had been returned to the system." Beer noted that it would be possible for a hacker to gain full access to a system as they'd be able to bypass the permissions model on Android and gain "broad access" to a user's data. The attacker could do so by forcing the kernel to reuse the afore-mentioned physical pages as page tables.

Read more of this story at Slashdot.

Source